Wireshark-users: Re: [Wireshark-users] HTTP not decoded
From: M Holt <m.iostreams@xxxxxxxxx>
Date: Wed, 3 Nov 2010 09:26:37 -0700
All this capture contains is a single packet -- a GET request.
If you go into your Wireshark preferences, under Protocols -> TCP, and uncheck the box that says "Allow subdissector to reassemble TCP streams", your "info" field will then show that it is a GET request. You can also just right-click on the packet and choose "Follow TCP stream" to see the ASCII contents of the packet easily.

 -- Mike

On Wed, Nov 3, 2010 at 8:30 AM, Srivats P <pstavirs@xxxxxxxxx> wrote:
Hi,

Wireshark does not seem to decode TCP port 80 as HTTP for the attached
pcap file - instead it shows the HTTP data as "TCP segment data".

Is this expected behaviour? Is it because the file does not contain
the TCP handshake packets?

Using Wireshark Version 1.2.1 (SVN Rev 29141) on Windows.

Regards,
Srivats
